refs #4074 get static and dynamic acls
gitea/salix/pipeline/head There was a failure building this commit
Details
gitea/salix/pipeline/head There was a failure building this commit
Details
This commit is contained in:
parent
fd21a03c01
commit
db3de2385d
|
|
@ -0,0 +1,58 @@
|
|||
module.exports = Self => {
|
||||
Self.remoteMethodCtx('acls', {
|
||||
description: 'Get all of the current user acls',
|
||||
returns: {
|
||||
type: 'Object',
|
||||
root: true
|
||||
},
|
||||
http: {
|
||||
path: '/acls',
|
||||
verb: 'GET'
|
||||
}
|
||||
});
|
||||
|
||||
const staticAcls = new Map();
|
||||
const app = require('vn-loopback/server/server');
|
||||
app.on('started', function() {
|
||||
for (const model of app.models()) {
|
||||
for (const acl of model.settings.acls) {
|
||||
if (acl.principalType == 'ROLE' && acl.permission == 'ALLOW') {
|
||||
const staticAcl = {
|
||||
model: model.name,
|
||||
property: '*',
|
||||
accessType: acl.accessType,
|
||||
permission: acl.permission,
|
||||
principalType: acl.principalType,
|
||||
principalId: acl.principalId,
|
||||
};
|
||||
if (staticAcls.has(acl.principalId))
|
||||
staticAcls.get(acl.principalId).push(staticAcl);
|
||||
else
|
||||
staticAcls.set(acl.principalId, [staticAcl]);
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
Self.acls = async function(ctx) {
|
||||
const acls = [];
|
||||
const userId = ctx.req.accessToken.userId;
|
||||
if (userId) {
|
||||
const dynamicAcls = await Self.rawSql(`
|
||||
SELECT *
|
||||
FROM salix.ACL a
|
||||
WHERE a.principalId IN (
|
||||
SELECT r.name COLLATE utf8mb3_general_ci
|
||||
FROM salix.RoleMapping rm
|
||||
JOIN account.role r ON r.id = rm.roleId
|
||||
WHERE rm.principalId = ?
|
||||
)`, [userId]);
|
||||
dynamicAcls.forEach(acl => acls.push(acl));
|
||||
staticAcls.get('$authenticated').forEach(acl => acls.push(acl));
|
||||
} else
|
||||
staticAcls.get('$unauthenticated').forEach(acl => acls.push(acl));
|
||||
|
||||
staticAcls.get('$everyone').forEach(acl => acls.push(acl));
|
||||
return acls;
|
||||
};
|
||||
};
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
module.exports = Self => {
|
||||
Self.remoteMethod('userAcl', {
|
||||
description: 'Get all of the current user permissions',
|
||||
accepts: {
|
||||
arg: 'roles',
|
||||
type: ['string'],
|
||||
required: true,
|
||||
},
|
||||
returns: {
|
||||
type: 'Object',
|
||||
root: true
|
||||
},
|
||||
http: {
|
||||
path: '/user/acl',
|
||||
verb: 'POST'
|
||||
}
|
||||
});
|
||||
|
||||
Self.userAcl = async function(roles) {
|
||||
return Self.rawSql(`SELECT * FROM salix.ACL a WHERE a.principalId IN (?)`, [roles]);
|
||||
};
|
||||
};
|
||||
|
|
@ -10,7 +10,7 @@ module.exports = function(Self) {
|
|||
require('../methods/vn-user/recover-password')(Self);
|
||||
require('../methods/vn-user/validate-token')(Self);
|
||||
require('../methods/vn-user/privileges')(Self);
|
||||
require('../methods/vn-user/user-acl')(Self);
|
||||
require('../methods/vn-user/acls')(Self);
|
||||
|
||||
// Validations
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ describe('Directive acl', () => {
|
|||
{role: {name: 'myOtherRole'}}
|
||||
]
|
||||
});
|
||||
$httpBackend.whenPOST('VnUsers/user/acl').respond([
|
||||
$httpBackend.whenGET('VnUsers/acls').respond([
|
||||
{
|
||||
id: 1,
|
||||
model: 'ModelExample',
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ describe('Service acl', () => {
|
|||
{role: {name: 'baz'}}
|
||||
]
|
||||
});
|
||||
$httpBackend.whenPOST('VnUsers/user/acl').respond([
|
||||
$httpBackend.whenGET('VnUsers/acls').respond([
|
||||
{
|
||||
id: 1,
|
||||
model: 'ModelExample',
|
||||
|
|
|
|||
|
|
@ -21,8 +21,7 @@ class AclService {
|
|||
}
|
||||
|
||||
this.acls = {};
|
||||
await this.$http.post('VnUsers/user/acl',
|
||||
{roles: Object.keys(this.roles)}).then(res => {
|
||||
await this.$http.get('VnUsers/acls').then(res => {
|
||||
res.data.forEach(acl => {
|
||||
this.acls[acl.model] = this.acls[acl.model] || {};
|
||||
this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {};
|
||||
|
|
|
|||
Loading…
Reference in New Issue